Active Directory

Overview

Active Directory is Microsoft’s primary authentication service, widely used in enterprise organizations and also available through Microsoft’s cloud services. Active Directory also supports the LDAP protocol (which Morpheus can integrate with as well), but the main Active Directory integration described here can be used instead. Active Directory groups can be mapped to equivalent Roles within Morpheus. Morpheus connects over port 389 for non-secure LDAP and port 636 for secure LDAP.

Adding an Active Directory Integration

  1. Navigate to Administration > Tenants

  2. Select a Tenant

  3. Select IDENTITY SOURCES

  4. Select + IDENTITY SOURCE

  5. Choose “Active Directory”

  6. Populate the following:

    Name

    Unique name for authentication type.

    AD Server

    Hostname or IP address of AD Server.

    Domain

    Domain name of AD Domain.

    Binding Username

    Service account username for bind user.

    Binding Password

    Password for bind service account.

    Required Group

    The AD group users must be in to have access (optional).

    Default Role

    The default role a user is assigned if none of the groups listed for the AD user is mapped in the Role Mappings section.

    Service Account Holder

    This is the admin account type in Morpheus. An AD group can be created and populated with the users who should be assigned this role. Roles are assigned dynamically based on group membership.

    ENABLE ROLE MAPPING PERMISSION

    When selected, Tenant users with appropriate rights to view and edit Roles will have the ability to set role mapping for the Identity Source integration. This allows the Tenant user to edit only the role mappings without viewing or potentially editing the Identity Source configuration.

    MANUAL ROLE ASSIGNMENT

    When selected, administrators can manually edit Roles for users created through this identity source integration from the user detail page (Administration > Users > Selected user).

Note

For more on Identity Source role mapping permissions, see the associated guide in our KnowledgeBase.

  7. Select SAVE CHANGES.

Allowed AD users can now log in to Morpheus with their Active Directory credentials, and a User will be automatically generated in Morpheus with matching metadata and mapped Role permissions.

Note

Only the username is required with the password, not username@domain.

Note

Sub-tenant Morpheus API authentication for Active Directory generated users is not currently supported.
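
The Required Group, Role Mappings and Default Role settings described above interact, so it is worth previewing who ends up with which role before saving. The following is an added example, not Morpheus code: a small Python model of the rules as this page states them, in which the function names, the case-insensitive group comparison, the assumption that every matching mapping contributes a role, and all sample group, role and user names are assumptions.

```python
# Added example: a model of the access rules this page describes, used to
# preview a planned configuration. All group, role and user names are constructed.
ADMIN_ROLE = "Service Account Holder"

def resolve_access(user_groups, required_group, role_mappings, default_role):
    """Return (allowed, roles, used_default) for one user's AD group names."""
    # Assumption: group names are compared case-insensitively.
    groups = {g.lower() for g in user_groups}
    # Required Group is optional; when set, non-members get no access.
    if required_group and required_group.lower() not in groups:
        return False, [], False
    # Assumption: every mapped group the user belongs to contributes its role.
    roles = sorted({role for group, role in role_mappings.items()
                    if group.lower() in groups})
    # Default Role applies only when none of the user's groups is mapped.
    return True, roles or [default_role], not roles

def review(users, config):
    """Summarise who is denied, who lands on the default role, who is admin."""
    report = {"denied": [], "default_only": [], "admins": []}
    for name, groups in sorted(users.items()):
        allowed, roles, used_default = resolve_access(groups, **config)
        if not allowed:
            report["denied"].append(name)
        elif ADMIN_ROLE in roles:
            report["admins"].append(name)
        elif used_default:
            report["default_only"].append(name)
    return report

# Constructed sample: planned settings and an export of users with their groups.
CONFIG = {
    "required_group": "Morpheus-Users",
    "role_mappings": {"Morpheus-Admins": ADMIN_ROLE, "Cloud-Ops": "Operator"},
    "default_role": "Read Only",
}
USERS = {
    "alice": ["Morpheus-Users", "Morpheus-Admins"],
    "bob": ["morpheus-users", "Cloud-Ops"],
    "carol": ["Morpheus-Users", "Finance"],
    "dave": ["Morpheus-Admins"],  # mapped group but not in the Required Group
}

if __name__ == "__main__":
    for key, names in review(USERS, CONFIG).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

Users reported under default_only are the ones to check against least privilege, since they receive the Default Role without belonging to any mapped group.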